Hi folks, In a previous thread[0] surveying ACME implementations two commercial CAs (BuyPass and DigiCert) outlined that their ACME integrations use external account binding but **not** the Out-of-Band (OOB) challenge type.
As Clint from DigiCert points out[1] having a binding with an external account enables access to the full context of any non-ACME authorizations/challenges the CA requires through existing systems. Overall, the OOB challenge type: * has no server implementations * has no client implementations * has no dependent use-cases presented to the WG * offers a subset of what external account binding already offers Removing it from the draft seems like a sensible decision to me. If there is demand (& accompanying client/server implementations) the challenge type could easily be re-added in a follow-up work. - Daniel / cpu [0] https://mailarchive.ietf.org/arch/msg/acme/oFPXvSnocJZorYiR8Tj6cYbA_wY [1] https://mailarchive.ietf.org/arch/msg/acme/COZ3xDpBTTvgmbbEc8fLDnu0Onw [2] https://github.com/ietf-wg-acme/acme/pull/360
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
